Access control for memory protection key architecture

ABSTRACT

A processing system includes a processing core to execute a task and a memory management unit, coupled to the core. The memory management unit includes a protection key register comprising a plurality of fields. Each field comprising a set of bits reflecting a memory access permission for each of a plurality of memory domains. The memory management unit also includes a plurality of protection key mask registers. Each of the protection key mask registers comprising a mask having a plurality of bits, each bit reflecting an access permission to a corresponding field of the protection key register by a code page residing in a memory domain of the plurality of memory domains identified by an index of the protection key mask register. The memory management unit is, responsive to receiving a request to modify the protection key register by the code page residing in the memory domain, to select a protection key mask register among the plurality of protection key mask registers and to apply a mask comprised by selected protection key mask register indexed by an identifier of the memory domain.

TECHNICAL FIELD

The embodiments of the disclosure relate generally to a computing device, and, more specifically, relate to access control for memory protection key architecture.

BACKGROUND

A computing device may include one or more processing cores in one or more processors (such as central processing units (CPUs)) for executing instructions and a memory device (such as random-access memory (RAM)) for storing instructions and data associated with executing tasks (including user application and system application such as the kernel of an operating system) on the one or more processing cores. Instructions of each application program address the memory using virtual addresses (or linear addresses) of a virtual memory which may be translated into physical addresses of the memory by a memory management unit (MMU) associated with the one or more processors.

BRIEF DESCRIPTION OF THE DRAWINGS

The disclosure will be understood more fully from the detailed description given below and from the accompanying drawings of various embodiments of the disclosure. The drawings, however, should not be taken to limit the disclosure to the specific embodiments, but are for explanation and understanding only.

FIG. 1 illustrates a processing system according an embodiment of the present disclosure.

FIG. 2 illustrates an example of a block diagram of processing a request to modify a protection key register according to an embodiment of the present disclosure.

FIG. 3 is a detailed diagram of the memory management unit according to an embodiment of the present disclosure.

FIG. 4 is a flow diagram illustrating operations of memory management unit to access control for memory protection key architecture according to an embodiment of the present disclosure.

FIG. 5A is a block diagram illustrating a micro-architecture for a processor in which one embodiment of the disclosure may be used.

FIG. 5B is a block diagram illustrating an in-order pipeline and a register renaming stage, out-of-order issue/execution pipeline implemented according to at least one embodiment of the disclosure.

FIG. 6 illustrates a block diagram of the micro-architecture for a processor in accordance with one embodiment of the disclosure.

FIG. 7 is a block diagram illustrating a system in which an embodiment of the disclosure may be used.

FIG. 8 is a block diagram of a system in which an embodiment of the disclosure may operate.

FIG. 9 is a block diagram of a system in which an embodiment of the disclosure may operate.

FIG. 10 is a block diagram of a System-on-a-Chip (SoC) in accordance with an embodiment of the present disclosure

FIG. 11 is a block diagram of an embodiment of an SoC design in accordance with the present disclosure.

FIG. 12 illustrates a block diagram of one embodiment of a computer system.

DETAILED DESCRIPTION

An application program may be associated with a privilege level that determines its access mode (e.g., as a user or as a supervisor) to memory. For example, a user application may have a low privilege of a user-mode, and a system application (such as the kernel) may have a high privilege of a supervisor-mode. The task executed on a processing core may need to access (read, write or execute) memory referenced by the virtual addresses, which may be translated into the physical addresses of the memory by the memory management unit.

A page table entry is an item of a page table that is used to map virtual addresses to physical addresses of the memory. The page table entry may include a field to store the type of page referenced by the page table entry. For example, a set bit (“1”) indicates a user page, while a cleared bit (“0”) indicates a supervisor page. The memory pages whose page table entry indicate a user page may be accessed by tasks running at any privilege levels (including user applications having a user-mode access and system applications having a supervisor-mode access), while memory pages whose page table entry indicate a supervisor page are restricted to tasks running at the privilege level higher than the user level. In one embodiment, the operating system may assign a portion of the memory as supervisor pages reserved for the kernel of the operating system. The operating system may also assign a portion of the memory to user pages for use by user application programs.

A protection key architecture provides a number domains, which are used to tag a memory page of a process. The protection key architecture includes a protection key register, which contains attributes such as memory access permissions (e.g., read, write or execute) associated with each of the domains. When memory is accessed, in addition to a permission check associated with the page table as discussed above, the protection key also requires that the domain associated with the memory page (page) have granted the memory access permission associated with the type of memory access permission. For example, a write requires that the domain of the page where the address resides is to have a write permission.

In certain implementations, the attributes of the domain that can be changed may be limited by a process running in a low privilege mode with a mask in a protection key mask register. If a mask bit i is set, then low privilege mode can change the memory access permissions associated with domain i. As such, updates to the bits in the protection key register in the low privilege mode is only allowed when the bit in the protection key mask register is set. The mask bits are managed by the software operating in the high privilege mode. However, such implementations do not distinguish between different parts of a process running at the low privilege mode. For example, a library that is linked with the application code could inadvertently change the memory access permission of any domains associated with the low privilege mode.

Embodiments of the present disclosure alleviate the above noted and other deficiencies by implementing a protection key architecture that enables the software running in a high privilege mode to authorize specific code on specific pages of the low privilege software process to change the memory access permissions for a specific set of memory domains. In one embodiment, the memory management unit may comprise a plurality of protection key mask registers, such that each protection key mask register comprises a plurality of bits, each bit reflecting an access permission to a corresponding field of the protection key register by a code page residing in the memory domain identified by the index of the protection key mask register.

FIG. 1 illustrates a system-on-a-chip (SoC) 100 including a processing system to protect the memory according an embodiment of the present disclosure. The SoC 100 may include a processor (such as a central processing unit (CPU)) 102 and a memory that are connected to each other via a bus system 108. The processor 102 may execute tasks such as system applications and user applications using the memory 104 to store the instructions of the programs and data associated with the programs.

In one embodiment, the processor 102 may further include one or more processing cores 110 and a memory management unit (MMU) 112. The one or more processing cores are the engines within the processor 102 for executing the tasks. In one embodiment, the tasks executed on processing cores 110 do not access the memory 104 directly using the physical addresses of the memory. Instead, the tasks access a virtual memory through virtual addresses (also known as linear addresses). The memory management unit 112, coupled between the processing cores 110 and the memory, may map the virtual addresses of the virtual memory to the physical addresses of the memory 104. The space of virtual addresses may be divided into fixed sized units called pages. A page of the virtual addresses may be mapped correspondingly into fixed-sized units in the space of the physical addresses of the memory 104 called memory frames.

In one embodiment, the memory 104 may include a virtual address page table 122 for storing mappings between pages of virtual addresses to physical addresses. The mappings may be the mapping between identifiers of pages (or page numbers) to identifiers of memory frames (or memory frame numbers). The memory frame numbers determine the region of the memory 104 allocated to a task.

In one embodiment, the virtual address page table 122 may include one or more page table entries (PTEs) 120. The page table entries are also known as leaf nodes of the page table. In one embodiment, a page table entry 120 of the virtual address page table 122 may be loaded into a page table register 130 of the memory management unit 112 so that the memory management unit 112 may perform the memory address mapping. Each of the page table entries may store one or more memory frame numbers that are identified according to virtual address page numbers. In one embodiment, a task executing on the processing cores 110 may allocate a block of memory by specifying one or more virtual address ranges. A virtual address may include a first portion including one or more bits (e.g., the high-order twenty bits) indicating the virtual address page number and a second portion of bits (e.g., the lower-order 12 bits) indicating the byte offset within a memory frame corresponding to the page. The memory management unit 112 may use the virtual address page number to identify a memory frame number stored in the page table entry 120, and combine the identified memory frame number and the offset byte to form a physical address for accessing the memory 104. The physical address corresponding to the virtual address may be stored in a buffer.

In one embodiment, the page table entry 120 may further include a protection key section 118 to store a protection key selected by the operating system for the page table entry 120 at the time of its creation. In one embodiment, the operating system may select the protection key from a set of existing protection keys available to the operating system. For example, there may be sixteen protection keys available for the operating system to select, and the operating system may select one that is designated as the default protection key by the operating system or one protection key that is selected by an application. In one embodiment, a protection key is a string of binary bits (e.g., 4 bits) that is used as an identifier to retrieve a set of memory access permissions stored in one or more permission registers.

In one embodiment, the memory management unit 112 may include a protection key register 128. The protection key register 128 may be a user permission register such that the protection key register is modifiable by a process having a user privilege level. The protection key register 128 is a register including a number of fields each storing a set of memory access permissions for a set of user pages. In one embodiment, the protection key 118 stored in a page table entry 120 may identify a particular permission stored in a field of the protection key register 128. For example, the protection key 118 may be an index to the field that stores the set of permissions of the protection key register 128. Therefore, each set of permissions stored in the protection key register 128 may be uniquely retrieved according the protection key 128 and the user or supervisor memory access U/S mode 114 in the page table entry 120.

In one embodiment, each field of the protection key register 118 may store a set of permission including a number of memory access permission bits. In one embodiment, the set of permissions may include a first bit to indicate whether read access is enabled or disabled, a second bit to indicate whether write access is enabled or disabled, and a third bit to indicate whether execution access is enabled or disabled. In one embodiment, the permission may also include bits indicating permissions for encrypting the memory frames stored in the page table entry 120 and other defined attributes.

In one embodiment, the protection key 118 associates each of the memory pages being executed with a one or more memory domains (domains). In one embodiment, upon execution of an instruction to modify the protection key register 128, i.e. update a permission in a protection key register 128, an instruction pointer (IP) is used to look up the protection key 118 for the memory page containing the IP.

In one embodiment, the memory management unit 112 may include a plurality of protection key mask registers 126 a-126 n (126). Each of the protection key mask registers 126 may be a supervisor permission register such that the protection key mask registers are modifiable by a process having a higher privilege level than the user privilege level. Each protection key mask register 126 is a register storing a plurality of bits. Each of the bits reflects an access permission to a corresponding bit of the protection key register 128. In one embodiment, the protection key 118 stored in a page table entry 120 may be used to select one of the protection key mask register 126. For example, the protection key 118 may be an index into which of the set of the protection key mask registers 126 is used for an instruction residing in the virtual address mapped by the page table entry 120. Therefore, each set of domains stored in the protection key mask register 126 may be uniquely retrieved according to the protection key 118 in the page table entry 120. Although, one page table entry 120 with one protection key 118 is shown in FIG. 1, one of ordinary skill in the art would appreciate that there would be a plurality of page table entries 120 having a plurality of protection keys 118 each of which would index to the field that stores the set of domains in the each of protection key mask registers 126.

In one embodiment, during execution of the instruction to modify the protection key register 128, the protection key 118 looks up the plurality of protection key mask registers 126 and selects one of the plurality of the protection key mask registers 126 based on the value of the protection key 118 for the page table entry 120 that maps the virtual address of the instruction. The protection key mask register 126 that is selected by the protection key functions to control changes to the protection key register 128. The selected protection key mask register 126 controls which bits are in the protection key register 128 are to be modified as described herein below.

In one embodiment, each field of the protection key mask registers 126 may store a plurality of bits. Each of the bits reflects an access permission to a corresponding field of the protection key register 128 by a code page residing in the domain. As discussed above, the domain in the protection key mask register 126 is identified by the index, protection key 118, which results in a mask contained in the protection key mask register 126. In one embodiment, the mask contained in the protection key mask register 126 determines which bits in the protection key register 128 can be updated by the instruction. As discussed above, the bits include permissions such as read access permission, write access permission and execution access permission. In one embodiment, the mask in the protection key mask register 126 is utilized during access to the protection key register 128. In one embodiment, the mask in the protection key mask register 126 utilizes context of the instruction from the page in the domain to determine which bits in the protection key register 128 are to be updated. In one embodiment, the mask includes a plurality of bits, each bit reflecting an access permission to a corresponding field of the protection key register by a code page residing in the memory domain identified by an index of the protection key mask register;

In one embodiment, a value is assigned to the bits of the mask in the protection key mask register 126 in order to determine whether the corresponding bits in the protection key register 128 are to be updated. In one embodiment, the value is assigned based on a policy set by the operating system or application. For example, the operating system may set bits in the second of the protection key mask register 126 b to allow updates of the permissions associated with a set of domains that are assigned to code from virtual pages associated with the protection key 118 that selected that protection key mask register 126 b. In one embodiment, the bit of the mask in the protection key mask register 126 having a value of 1 indicates that the corresponding bits in the protection key register 128 are to be updated. In one embodiment, the bit of the mask in the protection key mask register having a value of 0 indicates that the corresponding bits in the protection key register 126 are not to be updated.

In one embodiment, the memory management unit 112 receives a request to modify the protection key register 128 by a specific page residing in a specific domain. The memory management unit 112 may include logics to apply the mask in the protection key mask register 126 to modify the memory access permission in the protection key register 128. As discussed above, the mask is indexed by the protection key 118 of the domain in the protection key mask register 126.

In one embodiment, the memory management unit 112 may include logics to check the memory access permission for the task to prevent certain types of memory accesses (e.g., those caused by stray accesses). In one embodiment, each page table entry 120 may include one or more status bits to check for status associated with the memory 104. Details of the status check are discussed in conjunction with the description of FIG. 3.

In one embodiment, the memory management unit 112 may include an AND logic circuit 132 including input pins to receive the set of modified permissions from the protection key register 128 and from the memory access permission generated based on the status bits stored in the page table entry 120. The AND logic circuit 132 may combine the set of modified permissions received from the protection key register 128 with the memory access permission generated based on the status bits stored in the page table entry 120 to generate an access permission for accessing the memory frames referenced in the page table entry 120.

FIG. 2 illustrates an example of a block diagram 200 of processing a request to modify a protection key register according to an embodiment of the present disclosure.

In one embodiment, upon execution of the instruction 214 to modify a protection key register 208 (i.e. update a permission in the protection key register 208), the instruction pointer (IP) 210 is used to look up a protection key 118 for the page 212 in the page table entry 202 containing the IP. In one embodiment, the protection key 218 associates the page 212 being executed with the domain. In one embodiment, the protection key 216 is a string of n bits of binary code that may be used as an identifier to the domains stored in the fields of the plurality of protection key mask registers 206 a-206 n (206). In one embodiment, each of the protection key mask registers 206 is indexed by the domain (i.e. the domain identified by a current value of the IP 210) of the page that attempts to modify the protection key register 208.

In one embodiment, during execution of the instruction to modify the protection key register 208, the protection key 218 looks up the plurality of protection key mask registers 206 and selects one of the plurality of the protection key mask registers 206. The protection key 218 looks up the plurality of protection key mask registers 206 and selects one of the plurality of the protection key mask registers 206 based on the value of the protection key 118 for the page table entry in the page table 202 that maps the virtual address of the instruction. The protection key mask register 206 that is selected by the protection key 218 functions to modify the protection key register 208. The selected protection key register 206 controls which bits are in the protection key register 208 are to be modified as described herein below.

In one embodiment, each field of the protection key mask register 206 may store a plurality of bits. Each of the bits reflects an access permission to a corresponding field of the protection key register 208 by a code page residing in the domain. As discussed above, the domain in the protection key mask register 208 is identified by the index, protection key 218, which results in a mask contained in the protection key mask register 206. As discussed above, the mask includes a plurality of bits, each bit reflecting an access permission to a corresponding field of the protection key register by a code page residing in the memory domain identified by an index of the protection key mask register.

In one embodiment, the mask in the protection key mask register 206 utilizes context of the instruction from the page 212 in the domain to determine which bits in the protection key register 208 are to be modified. As discussed above, bits of the mask in the protection key mask register 206 correspond to the bits in the protection key register 208. In one embodiment, a value is assigned to the bits of the mask in the protection key mask register 206 in order to determine whether the corresponding bits in the protection key register 208 are to be updated. In one embodiment, the value is assigned based on a policy set by the operating system or application. For example, the operating system may set bits in the protection key mask register 206 b to allow updates of the permissions associated with a set of domains that are assigned to code from virtual pages associated with the protection key 218 that selected that protection key mask register 206 b. In one embodiment, the bit of the mask in the protection key mask register 206 having a value of 1 indicates that the corresponding bits in the protection key register 208 are to be updated. In one embodiment, the bit of the mask in the protection key mask register 206 having a value of 0 indicates that the corresponding bits in the protection key register 208 are not to be updated.

The output of the protection key register 208 is a protection key register update 220, which includes a set of modified permissions from the protection key register 208. The protection key register update 220 sets the protection key register 208 value as described above herein.

FIG. 3 illustrates a detailed memory management unit 300 according to an embodiment of the present disclosure. In one embodiment, the memory management unit 300 is same as the memory management unit 112 of FIG. 1. As shown in FIG. 3, the memory management unit 300 may include a page table register 302 into which a page table entry of the page table is loaded, and a protection key register 308 (such as the user permission register) dedicated to memory frames of the supervisor mode. The page table entry 302 may be one of multiple page table entries stored in a page table 114 as shown in FIG. 1. The protection key register 308 may include a number of fields to store the memory access permissions associated with each protection key 318.

In one embodiment, the page table entry 302 may include one or more status bits, a protection key section 318 and a memory frame number section 322. The memory frame number section 322 (e.g., 32 bits in size) stores the memory frame numbers that the page numbers of virtual addresses are mapped to.

In one embodiment, the one or more status bits may include a Present/Absent (P/A) 324 bit indicating whether the memory frames of the page table entry is in the memory. A “1” of the P/A bit 324 may indicate that the memory frames are in the memory, and a “0” may indicate that the memory frames are swapped out of the memory to the disk. The one or more status bit may include a Read/Write (R/W) bit 318 indicating the memory access permission to the portion of the memory specified by the memory frames in the page table entry 302. For example, a “0” of the R/W bit 318 may indicate that the portion of the memory is read-only (or cannot write), and a “1” may indicate that the portion of the memory can be read and write. The one or more status bits may include a XD bit 326 indicating the execution permission to the instructions stored in the portion of memory. For example, a “1” of the XD bit 326 may indicate that instruction fetches from the portion of memory are not allowed.

In one embodiment, the page table entry 302 may include a memory access mode bit or user/supervisor (U/S) status bit 314 indicating the privilege level of the task that is to access the memory frames referenced by the memory frame numbers of the page table entry 302. In one embodiment, a “1” of the U/S status bit 314 may indicate that the task having a user-mode privilege or higher can access memory frames identified in the page table entry 302, and a “0” of the U/S status bit 314 may indicate that only tasks having a supervisor-mode access may access the memory frames.

In one embodiment, the protection key section 318 may store an n-bit protection key (PKEY) that is tagged by the operating system to the page table register 302 for protecting memory frames of the page table register 302. In one embodiment, in response to mapping a memory frame in the task, the operating system may select a protection key (PKEY) from a number of protection keys available to the operating system and use the selected protection key to tag the page table register 302. In one embodiment, the operating system may provide an interface that application can use to request the specific protection key be used in a memory page. In one embodiment, the protection key is a string of n bits of binary code that may be used as an identifier to the permissions stored in the fields of the protection key register 308. For example, a protection key of 0010 may point to the field of protection key register 308 identified at 0010 position.

In one embodiment, since the protection key 318 is n-bit in length, the protection key register 308 may include uniquely addressable 2″ fields.

In one embodiment, each set of permissions stored in the fields of the protection key register 308 may include a number of memory access permission bits 330. In one embodiment, the set of permission bits 330 may include a first bit to indicate whether read access is enabled or disabled, a second bit to indicate whether write access is enabled or disabled, and a third bit to indicate whether execution access is enabled or disabled. In one embodiment, the permission may also include bits indicating permissions for encrypting the memory frames 322 stored in the page table register 302 and other defined attributes.

In one embodiment, the protection key register 308 may be accessed by a user application having a user-mode access. Instructions to read or write the protection key register 308 may be provided to user applications. For example, the instructions include a user permission register read instruction that may allow a user application program to read content in the memory domain, a user permission register write instruction that may allow the user application program to write content into the memory domain and a user permission register execute instruction that may allow the user application program to execute the content in the memory domain. By allowing the user application to directly manipulate the permissions stored in the protection key register 308, the performance overhead of changing the set of permissions through protection keys (e.g., by going through the operating system) may be reduced significantly, allowing for much broader use of the protection keys.

In one embodiment, the memory management unit 300 receives a request to modify the protection key register 308 by a specific page residing in a specific domain. The memory management unit 300 may include logics to apply a mask to modify the memory access permission in the protection key register 308. As discussed above, the mask includes a plurality of bits, each bit reflecting an access permission to a corresponding field of the protection key register 308 by a code page residing in the memory domain, which is identified by the protection key 318. In one embodiment, the mask determines which bits in the protection key register 308 can be updated. As discussed above, the bits include permissions such as read access permission, write access permission and execution access permission.

In one embodiment, in response to a request to access the memory frames in the memory specified in the page table register 302, the memory management unit 300 may include an AND logic circuit 332. The AND logic circuit 332 may include at least two input pins to receive permission update (i.e. the modified set of permissions bits) outputted from the protection key register 308 and to receive one or more memory access status bits (such as XD 326, U/S 314, R/W 328, P/A 334) stored in the page table register 302 The AND logic circuit 332 may combine the modified set of permissions bits received from the protection key register 308 with the memory access status bits on the status bits stored in the page table entry 302 to generate an access permission for accessing the memory frames referenced in the page table register 302.

FIG. 4 is a flow diagram of a method of accessing control for memory protection key architecture by a memory management unit according to an embodiment of the present disclosure. Method 400 may be performed by processing logic that may include hardware (e.g., circuitry, dedicated logic, programmable logic, microcode, etc.), software (such as instructions run on a processing system, a general purpose computer system, or a dedicated machine), firmware, or a combination thereof. In one embodiment, method 400 may be performed, in part, by processing logics of any one of processing cores 110 executing an operating system with respect to FIG. 1.

For simplicity of explanation, the method 400 is depicted and described as a series of acts. However, acts in accordance with this disclosure can occur in various orders and/or concurrently and with other acts not presented and described herein. Furthermore, not all illustrated acts may be performed to implement the method 400 in accordance with the disclosed subject matter. In addition, those skilled in the art will understand and appreciate that the method 400 could alternatively be represented as a series of interrelated states via a state diagram or events.

Referring to FIG. 4, at block 402, the processing logic receives a request to modify a memory access permission in the protection key register by an instruction in a page residing in a particular domain. At block 404, the processing logic selects a protection key mask register among a plurality of protection key mask registers to determine/control which memory permissions are to be modified in the protection key register. Each protection key mask register is a register storing a plurality of bits. Each of the bits reflects an access permission to a corresponding bit of the protection key register. The protection key mask registers is selected based on a protection key stored in a page table. In one embodiment, the protection key may be an index into which the set of the protection key mask registers is used for an instruction residing in the virtual address mapped by a page table entry in the page table. At block 406, the processing logic applies a mask in the selected protection key mask register to determine whether to modify the memory access permission in the protection key register. As discussed above, the mask includes a plurality of bits, each bit reflecting an access permission to a corresponding field of the protection key register by a code page residing in the memory domain identified by the index of the protection key mask register. The protection key mask register may be a supervisor permission register such that the protection key mask register is modifiable by a process having a higher privilege level than the user privilege level. In one embodiment, the mask is indexed by an identifier (such as the protection key) of the page table entry associated with the domain.

At block 408, the processing logic checks a value assigned to a bit in the mask in the selected protection key mask register. In one embodiment, bits of the mask in the protection key mask register correspond to the bits in the protection key register. In one embodiment, the value is assigned based on a policy set by the operating system or application. For example, the operating system may set bits in a protection key mask register to allow updates of the permissions associated with a set of domains that are assigned to code from virtual pages associated with the protection key that selected that protection key mask register. At block 410, it is determined whether a value for the bit in the selected protection key mask register is 1. When at block 410, it is determined that the value is 1, then at block 412 the bit in the protection key register corresponding to the bit in the mask is modified. Block 4408 is repeated to check the next value assigned to the bit in the mask. When at block 410, it is determined that the value is not 1, the method repeats block 408 to check the next value assigned to the bit in the mask. In one embodiment, when the value is not 1, then the bit in the protection key register corresponding to the bit in the mask is not updated.

FIG. 5A is a block diagram illustrating an in-order pipeline and a register renaming stage, out-of-order issue/execution pipeline implemented by processing device 500 according to some embodiments of the disclosure. The solid lined boxes in FIG. 5A illustrate an in-order pipeline, while the dashed lined boxes illustrates a register renaming, out-of-order issue/execution pipeline. In FIG. 5A, a processor pipeline 500 includes a fetch stage 502, a length decode stage 504, a decode stage 506, an allocation stage 508, a renaming stage 510, a scheduling (also known as a dispatch or issue) stage 512, a register read/memory read stage 514, an execute stage 516, a write back/memory write stage 518, an exception handling stage 522, and a commit stage 524. In some embodiments, the ordering of stages 502-524 may be different than illustrated and are not limited to the specific ordering shown in FIG. 5A.

FIG. 5B is a block diagram illustrating a micro-architecture for a processor 500 that implements the processing device including heterogeneous cores in accordance with one embodiment of the disclosure. Specifically, processor 500 depicts an in-order architecture core and a register renaming logic, out-of-order issue/execution logic to be included in a processor according to at least one embodiment of the disclosure.

Processor 500 includes a front end unit 530 coupled to an execution engine unit 550, and both are coupled to a memory unit 570. The processor 500 may include a reduced instruction set computing (RISC) core, a complex instruction set computing (CISC) core, a very long instruction word (VLIW) core, or a hybrid or alternative core type. As yet another option, processor 500 may include a special-purpose core, such as, for example, a network or communication core, compression engine, graphics core, or the like. In one embodiment, processor 500 may be a multi-core processor or may part of a multi-processor system.

The front end unit 530 includes a branch prediction unit 532 coupled to an instruction cache unit 534, which is coupled to an instruction translation lookaside buffer (TLB) 536, which is coupled to an instruction fetch unit 538, which is coupled to a decode unit 540. The decode unit 540 (also known as a decoder) may decode instructions, and generate as an output one or more micro-operations, micro-code entry points, microinstructions, other instructions, or other control signals, which are decoded from, or which otherwise reflect, or are derived from, the original instructions. The decoder 540 may be implemented using various different mechanisms. Examples of suitable mechanisms include, but are not limited to, look-up tables, hardware implementations, programmable logic arrays (PLAs), microcode read only memories (ROMs), etc. The instruction cache unit 534 is further coupled to the memory unit 570. The decode unit 540 is coupled to a rename/allocator unit 552 in the execution engine unit 550.

The execution engine unit 550 includes the rename/allocator unit 552 coupled to a retirement unit 554 and a set of one or more scheduler unit(s) 556. The retirement unit 554 may include a memory management unit 503 to access control for a memory protection key architecture according to embodiments of the invention. The scheduler unit(s) 556 represents any number of different schedulers, including reservations stations (RS), central instruction window, etc. The scheduler unit(s) 556 is coupled to the physical register file(s) unit(s) 558. Each of the physical register file(s) units 558 represents one or more physical register files, different ones of which store one or more different data types, such as scalar integer, scalar floating point, packed integer, packed floating point, vector integer, vector floating point, etc., status (e.g., an instruction pointer that is the address of the next instruction to be executed), etc. The physical register file(s) unit(s) 558 is overlapped by the retirement unit 554 to illustrate various ways in which register renaming and out-of-order execution may be implemented (e.g., using a reorder buffer(s) and a retirement register file(s), using a future file(s), a history buffer(s), and a retirement register file(s); using a register maps and a pool of registers; etc.).

In one implementation, processor 500 may be the same as processor 102 described with respect to FIG. 1.

Generally, the architectural registers are visible from the outside of the processor or from a programmer's perspective. The registers are not limited to any known particular type of circuit. Various different types of registers are suitable as long as they are capable of storing and providing data as described herein. Examples of suitable registers include, but are not limited to, dedicated physical registers, dynamically allocated physical registers using register renaming, combinations of dedicated and dynamically allocated physical registers, etc. The retirement unit 554 and the physical register file(s) unit(s) 558 are coupled to the execution cluster(s) 560. The execution cluster(s) 560 includes a set of one or more execution units 562 and a set of one or more memory access units 564. The execution units 562 may perform various operations (e.g., shifts, addition, subtraction, multiplication) and operate on various types of data (e.g., scalar floating point, packed integer, packed floating point, vector integer, vector floating point).

While some embodiments may include a number of execution units dedicated to specific functions or sets of functions, other embodiments may include only one execution unit or multiple execution units that all perform all functions. The scheduler unit(s) 556, physical register file(s) unit(s) 558, and execution cluster(s) 560 are shown as being possibly plural because certain embodiments create separate pipelines for certain types of data/operations (e.g., a scalar integer pipeline, a scalar floating point/packed integer/packed floating point/vector integer/vector floating point pipeline, and/or a memory access pipeline that each have their own scheduler unit, physical register file(s) unit, and/or execution cluster—and in the case of a separate memory access pipeline, certain embodiments are implemented in which only the execution cluster of this pipeline has the memory access unit(s) 564). It should also be understood that where separate pipelines are used, one or more of these pipelines may be out-of-order issue/execution and the rest in-order.

The set of memory access units 564 is coupled to the memory unit 570, which may include a data prefetcher 580, a data TLB unit 572, a data cache unit (DCU) 574, and a level 2 (L2) cache unit 576, to name a few examples. In some embodiments DCU 574 is also known as a first level data cache (L1 cache). The DCU 574 may handle multiple outstanding cache misses and continue to service incoming stores and loads. It also supports maintaining cache coherency. The data TLB unit 572 is a cache used to improve virtual address translation speed by mapping virtual and physical address spaces. In one exemplary embodiment, the memory access units 564 may include a load unit, a store address unit, and a store data unit, each of which is coupled to the data TLB unit 572 in the memory unit 570. The L2 cache unit 576 may be coupled to one or more other levels of cache and eventually to a main memory.

In one embodiment, the data prefetcher 580 speculatively loads/prefetches data to the DCU 574 by automatically predicting which data a program is about to consume. Prefeteching may refer to transferring data stored in one memory location of a memory hierarchy (e.g., lower level caches or memory) to a higher-level memory location that is closer (e.g., yields lower access latency) to the processor before the data is actually demanded by the processor. More specifically, prefetching may refer to the early retrieval of data from one of the lower level caches/memory to a data cache and/or prefetch buffer before the processor issues a demand for the specific data being returned.

The processor 500 may support one or more instructions sets (e.g., the x86 instruction set (with some extensions that have been added with newer versions); the MIPS instruction set of MIPS Technologies of Sunnyvale, Calif.; the ARM instruction set (with optional additional extensions such as NEON) of ARM Holdings of Sunnyvale, Calif.).

It should be understood that the core may support multithreading (executing two or more parallel sets of operations or threads), and may do so in a variety of ways including time sliced multithreading, simultaneous multithreading (where a single physical core provides a logical core for each of the threads that physical core is simultaneously multithreading), or a combination thereof (e.g., time sliced fetching and decoding and simultaneous multithreading thereafter such as in the Intel® Hyperthreading technology).

While register renaming is described in the context of out-of-order execution, it should be understood that register renaming may be used in an in-order architecture. While the illustrated embodiment of the processor also includes a separate instruction and data cache units and a shared L2 cache unit, alternative embodiments may have a single internal cache for both instructions and data, such as, for example, a Level 1 (L1) internal cache, or multiple levels of internal cache. In some embodiments, the system may include a combination of an internal cache and an external cache that is external to the core and/or the processor. Alternatively, all of the cache may be external to the core and/or the processor.

FIG. 6 illustrates a block diagram of the micro-architecture for a processor 600 that includes hybrid cores in accordance with one embodiment of the disclosure. In some embodiments, an instruction in accordance with one embodiment can be implemented to operate on data elements having sizes of byte, word, doubleword, quadword, etc., as well as datatypes, such as single and double precision integer and floating point datatypes. In one embodiment the in-order front end 601 is the part of the processor 600 that fetches instructions to be executed and prepares them to be used later in the processor pipeline.

The front end 601 may include several units. In one embodiment, the instruction prefetcher 626 fetches instructions from memory and feeds them to an instruction decoder 628 which in turn decodes or interprets them. For example, in one embodiment, the decoder decodes a received instruction into one or more operations called “micro-instructions” or “micro-operations” (also called micro op or uops) that the machine can execute. In other embodiments, the decoder parses the instruction into an opcode and corresponding data and control fields that are used by the micro-architecture to perform operations in accordance with one embodiment. In one embodiment, the trace cache 630 takes decoded uops and assembles them into program ordered sequences or traces in the uop queue 634 for execution. When the trace cache 630 encounters a complex instruction, the microcode ROM 632 provides the uops needed to complete the operation.

Some instructions are converted into a single micro-op, whereas others need several micro-ops to complete the full operation. In one embodiment, if more than four micro-ops are needed to complete an instruction, the decoder 628 accesses the microcode ROM 632 to do the instruction. For one embodiment, an instruction can be decoded into a small number of micro ops for processing at the instruction decoder 628. In another embodiment, an instruction can be stored within the microcode ROM 632 should a number of micro-ops be needed to accomplish the operation. The trace cache 630 refers to an entry point programmable logic array (PLA) to determine a correct micro-instruction pointer for reading the micro-code sequences to complete one or more instructions in accordance with one embodiment from the micro-code ROM 632. After the microcode ROM 632 finishes sequencing micro-ops for an instruction, the front end 601 of the machine resumes fetching micro-ops from the trace cache 630.

The out-of-order execution engine 603 is where the instructions are prepared for execution. The out-of-order execution logic has a number of buffers to smooth out and re-order the flow of instructions to optimize performance as they go down the pipeline and get scheduled for execution. The allocator logic allocates the machine buffers and resources that each uop needs in order to execute. The register renaming logic renames logic registers onto entries in a register file. The allocator also allocates an entry for each uop in one of the two uop queues, one for memory operations and one for non-memory operations, in front of the instruction schedulers: memory scheduler, fast scheduler 602, slow/general floating point scheduler 604, and simple floating point scheduler 606. The uop schedulers 602, 604, 606, determine when a uop is ready to execute based on the readiness of their dependent input register operand sources and the availability of the execution resources the uops need to complete their operation. The fast scheduler 602 of one embodiment can schedule on each half of the main clock cycle while the other schedulers can only schedule once per main processor clock cycle. The schedulers arbitrate for the dispatch ports to schedule uops for execution.

Register files 608, 610, sit between the schedulers 602, 604, 606, and the execution units 612, 614, 616, 618, 620, 622, 624 in the execution block 611. There is a separate register file 608, 610, for integer and floating point operations, respectively. Each register file 608, 610, of one embodiment also includes a bypass network that can bypass or forward just completed results that have not yet been written into the register file to new dependent uops. The integer register file 608 and the floating point register file 610 are also capable of communicating data with the other. For one embodiment, the integer register file 608 is split into two separate register files, one register file for the low order 32 bits of data and a second register file for the high order 32 bits of data. The floating point register file 610 of one embodiment has 128 bit wide entries because floating point instructions typically have operands from 64 to 128 bits in width.

The execution block 611 contains the execution units 612, 614, 616, 618, 620, 622, 624, where the instructions are actually executed. This section includes the register files 608, 610, that store the integer and floating point data operand values that the micro-instructions need to execute. The processor 600 of one embodiment is comprised of a number of execution units: address generation unit (AGU) 612, AGU 614, fast ALU 616, fast ALU 618, slow ALU 620, floating point ALU 622, floating point move unit 624. For one embodiment, the floating point execution blocks 622, 624, execute floating point, MMX, SIMD, and SSE, or other operations. The floating point ALU 622 of one embodiment includes a 64 bit by 64 bit floating point divider to execute divide, square root, and remainder micro-ops. For embodiments of the present disclosure, instructions involving a floating point value may be handled with the floating point hardware.

In one embodiment, the ALU operations go to the high-speed ALU execution units 616, 618. The fast ALUs 616, 618, of one embodiment can execute fast operations with an effective latency of half a clock cycle. For one embodiment, most complex integer operations go to the slow ALU 620 as the slow ALU 620 includes integer execution hardware for long latency type of operations, such as a multiplier, shifts, flag logic, and branch processing. Memory load/store operations are executed by the AGUs 612, 614. For one embodiment, the integer ALUs 616, 618, 620, are described in the context of performing integer operations on 64 bit data operands. In alternative embodiments, the ALUs 616, 618, 620, can be implemented to support a variety of data bits including 16, 32, 128, 256, etc. Similarly, the floating point units 622, 624, can be implemented to support a range of operands having bits of various widths. For one embodiment, the floating point units 622, 624, can operate on 128 bits wide packed data operands in conjunction with SIMD and multimedia instructions.

In one embodiment, the uops schedulers 602, 604, 606, dispatch dependent operations before the parent load has finished executing. As uops are speculatively scheduled and executed in processor 600, the processor 600 also includes logic to handle memory misses. If a data load misses in the data cache, there can be dependent operations in flight in the pipeline that have left the scheduler with temporarily incorrect data. A replay mechanism tracks and re-executes instructions that use incorrect data. Only the dependent operations need to be replayed and the independent ones are allowed to complete. The schedulers and replay mechanism of one embodiment of a processor are also designed to catch instruction sequences for text string comparison operations.

The processor 600 also includes logic to implement store address prediction for memory disambiguation according to embodiments of the disclosure. In one embodiment, the execution block 611 of processor 600 may include a store address predictor (not shown) for implementing store address prediction for memory disambiguation.

The processor 600 may include a retirement unit 654 coupled to the execution block 611. The retirement unit 654 may include a memory management unit 605 to access control for a memory protection key architecture according to embodiments of the invention.

The term “registers” may refer to the on-board processor storage locations that are used as part of instructions to identify operands. In other words, registers may be those that are usable from the outside of the processor (from a programmer's perspective). However, the registers of an embodiment should not be limited in meaning to a particular type of circuit. Rather, a register of an embodiment is capable of storing and providing data, and performing the functions described herein. The registers described herein can be implemented by circuitry within a processor using any number of different techniques, such as dedicated physical registers, dynamically allocated physical registers using register renaming, combinations of dedicated and dynamically allocated physical registers, etc. In one embodiment, integer registers store thirty-two bit integer data. A register file of one embodiment also contains eight multimedia SIMD registers for packed data.

For the discussions below, the registers are understood to be data registers designed to hold packed data, such as 64 bits wide MMXTM registers (also referred to as ‘mm’ registers in some instances) in microprocessors enabled with MMX technology from Intel Corporation of Santa Clara, Calif. These MMX registers, available in both integer and floating point forms, can operate with packed data elements that accompany SIIVID and SSE instructions. Similarly, 128 bits wide XMM registers relating to SSE2, SSE3, SSE4, or beyond (referred to generically as “SSEx”) technology can also be used to hold such packed data operands. In one embodiment, in storing packed data and integer data, the registers do not need to differentiate between the two data types. In one embodiment, integer and floating point are either contained in the same register file or different register files. Furthermore, in one embodiment, floating point and integer data may be stored in different registers or the same registers.

Referring now to FIG. 7, shown is a block diagram illustrating a system 700 in which an embodiment of the disclosure may be used. As shown in FIG. 7, multiprocessor system 700 is a point-to-point interconnect system, and includes a first processor 770 and a second processor 780 coupled via a point-to-point interconnect 750. While shown with only two processors 770, 780, it is to be understood that the scope of embodiments of the disclosure is not so limited. In other embodiments, one or more additional processors may be present in a given processor. In one embodiment, the multiprocessor system 700 may implement hybrid cores as described herein.

Processors 770 and 780 are shown including integrated memory controller units 772 and 782, respectively. Processor 770 also includes as part of its bus controller units point-to-point (P-P) interfaces 776 and 778; similarly, second processor 780 includes P-P interfaces 786 and 788. Processors 770, 780 may exchange information via a point-to-point (P-P) interface 750 using P-P interface circuits 778, 788. As shown in FIG. 7, IMCs 772 and 782 couple the processors to respective memories, namely a memory 732 and a memory 734, which may be portions of main memory locally attached to the respective processors.

Processors 770, 780 may each exchange information with a chipset 790 via individual P-P interfaces 752, 754 using point to point interface circuits 776, 794, 786, 798. Chipset 790 may also exchange information with a high-performance graphics circuit 738 via a high-performance graphics interface 739.

A shared cache (not shown) may be included in either processor or outside of both processors, yet connected with the processors via P-P interconnect, such that either or both processors' local cache information may be stored in the shared cache if a processor is placed into a low power mode.

Chipset 790 may be coupled to a first bus 716 via an interface 796. In one embodiment, first bus 716 may be a Peripheral Component Interconnect (PCI) bus, or a bus such as a PCI Express bus or another third generation I/O interconnect bus, although the scope of the present disclosure is not so limited.

As shown in FIG. 7, various I/O devices 714 may be coupled to first bus 716, along with a bus bridge 718 which couples first bus 716 to a second bus 720. In one embodiment, second bus 720 may be a low pin count (LPC) bus. Various devices may be coupled to second bus 720 including, for example, a keyboard and/or mouse 722, communication devices 727 and a storage unit 728 such as a disk drive or other mass storage device which may include instructions/code and data 730, in one embodiment. Further, an audio I/O 724 may be coupled to second bus 720. Note that other architectures are possible. For example, instead of the point-to-point architecture of FIG. 7, a system may implement a multi-drop bus or other such architecture.

Referring now to FIG. 8, shown is a block diagram of a system 800 in which one embodiment of the disclosure may operate. The system 800 may include one or more processors 810, 815, which are coupled to graphics memory controller hub (GMCH) 820. The optional nature of additional processors 815 is denoted in FIG. 8 with broken lines. In one embodiment, processors 810, 815 implement hybrid cores according to embodiments of the disclosure.

Each processor 810, 815 may be some version of the circuit, integrated circuit, processor, and/or silicon integrated circuit as described above. However, it should be noted that it is unlikely that integrated graphics logic and integrated memory control units would exist in the processors 810, 815. FIG. 8 illustrates that the GMCH 820 may be coupled to a memory 840 that may be, for example, a dynamic random access memory (DRAM). The DRAM may, for at least one embodiment, be associated with a non-volatile cache.

The GMCH 820 may be a chipset, or a portion of a chipset. The GMCH 820 may communicate with the processor(s) 810, 815 and control interaction between the processor(s) 810, 815 and memory 840. The GMCH 820 may also act as an accelerated bus interface between the processor(s) 810, 815 and other elements of the system 800. For at least one embodiment, the GMCH 820 communicates with the processor(s) 810, 815 via a multi-drop bus, such as a frontside bus (FSB) 895.

Furthermore, GMCH 820 is coupled to a display 845 (such as a flat panel or touchscreen display). GMCH 820 may include an integrated graphics accelerator. GMCH 820 is further coupled to an input/output (I/O) controller hub (ICH) 850, which may be used to couple various peripheral devices to system 800. Shown for example in the embodiment of FIG. 8 is an external graphics device 860, which may be a discrete graphics device, coupled to ICH 850, along with another peripheral device 870.

Alternatively, additional or different processors may also be present in the system 800. For example, additional processor(s) 815 may include additional processors(s) that are the same as processor 810, additional processor(s) that are heterogeneous or asymmetric to processor 810, accelerators (such as, e.g., graphics accelerators or digital signal processing (DSP) units), field programmable gate arrays, or any other processor. There can be a variety of differences between the processor(s) 810, 815 in terms of a spectrum of metrics of merit including architectural, micro-architectural, thermal, power consumption characteristics, and the like. These differences may effectively manifest themselves as asymmetry and heterogeneity amongst the processors 810, 815. For at least one embodiment, the various processors 810, 815 may reside in the same die package.

Referring now to FIG. 9, shown is a block diagram of a system 900 in which an embodiment of the disclosure may operate. FIG. 9 illustrates processors 970, 980. In one embodiment, processors 970, 980 may implement hybrid cores as described above. Processors 970, 980 may include integrated memory and I/O control logic (“CL”) 972 and 982, respectively and intercommunicate with each other via point-to-point interconnect 950 between point-to-point (P-P) interfaces 978 and 988 respectively. Processors 970, 980 each communicate with chipset 990 via point-to-point interconnects 952 and 954 through the respective P-P interfaces 976 to 994 and 986 to 998 as shown. For at least one embodiment, the CL 972, 982 may include integrated memory controller units. CLs 972, 982 may include I/O control logic. As depicted, memories 932, 934 coupled to CLs 972, 982 and I/O devices 914 are also coupled to the control logic 972, 982. Legacy I/O devices 915 are coupled to the chipset 990 via interface 996.

Embodiments may be implemented in many different system types. FIG. 10 is a block diagram of a SoC 1000 in accordance with an embodiment of the present disclosure. Dashed lined boxes are optional features on more advanced SoCs. In FIG. 10, an interconnect unit(s) 1012 is coupled to: an application processor 1020 which includes a set of one or more cores 1002A-N and shared cache unit(s) 1006; a system agent unit 1010; a bus controller unit(s) 1016; an integrated memory controller unit(s) 1014; a set or one or more media processors 1018 which may include integrated graphics logic 1008, an image processor 1024 for providing still and/or video camera functionality, an audio processor 1026 for providing hardware audio acceleration, and a video processor 1028 for providing video encode/decode acceleration; an static random access memory (SRAM) unit 1030; a direct memory access (DMA) unit 1032; and a display unit 1040 for coupling to one or more external displays. In one embodiment, a memory module may be included in the integrated memory controller unit(s) 1014. In another embodiment, the memory module may be included in one or more other components of the SoC 1000 that may be used to access and/or control a memory. The application processor 1020 may include a store address predictor for implementing hybrid cores as described in embodiments herein.

The memory hierarchy includes one or more levels of cache within the cores, a set or one or more shared cache units 1006, and external memory (not shown) coupled to the set of integrated memory controller units 1014. The set of shared cache units 1006 may include one or more mid-level caches, such as level 2 (L2), level 3 (L3), level 4 (L4), or other levels of cache, a last level cache (LLC), and/or combinations thereof.

In some embodiments, one or more of the cores 1002A-N are capable of multi-threading. The system agent 1010 includes those components coordinating and operating cores 1002A-N. The system agent unit 1010 may include for example a power control unit (PCU) and a display unit. The PCU may be or include logic and components needed for regulating the power state of the cores 1002A-N and the integrated graphics logic 1008. The display unit is for driving one or more externally connected displays.

The cores 1002A-N may be homogenous or heterogeneous in terms of architecture and/or instruction set. For example, some of the cores 1002A-N may be in order while others are out-of-order. As another example, two or more of the cores 1002A-N may be capable of execution the same instruction set, while others may be capable of executing only a subset of that instruction set or a different instruction set.

The application processor 1020 may be a general-purpose processor, such as a Core™ i3, i5, i7, 2 Duo and Quad, Xeon™, Itanium™, Atom™ or Quark™ processor, which are available from Intel™ Corporation, of Santa Clara, Calif. Alternatively, the application processor 1020 may be from another company, such as ARM Holdings™, Ltd, MIPS™, etc. The application processor 1020 may be a special-purpose processor, such as, for example, a network or communication processor, compression engine, graphics processor, co-processor, embedded processor, or the like. The application processor 1020 may be implemented on one or more chips. The application processor 1020 may be a part of and/or may be implemented on one or more substrates using any of a number of process technologies, such as, for example, BiCMOS, CMOS, or NMOS.

FIG. 11 is a block diagram of an embodiment of a system on-chip (SoC) design in accordance with the present disclosure. As a specific illustrative example, SoC 1100 is included in user equipment (UE). In one embodiment, UE refers to any device to be used by an end-user to communicate, such as a hand-held phone, smartphone, tablet, ultra-thin notebook, notebook with broadband adapter, or any other similar communication device. Often a UE connects to a base station or node, which potentially corresponds in nature to a mobile station (MS) in a GSM network.

Here, SOC 1100 includes 2 cores—1106 and 1107. Cores 1106 and 1107 may conform to an Instruction Set Architecture, such as an Intel® Architecture Core™-based processor, an Advanced Micro Devices, Inc. (AMD) processor, a MIPS-based processor, an ARM-based processor design, or a customer thereof, as well as their licensees or adopters. Cores 1106 and 1107 are coupled to cache control 1108 that is associated with bus interface unit 1109 and L2 cache 1110 to communicate with other parts of system 1100. Interconnect 1110 includes an on-chip interconnect, such as an IOSF, AMBA, or other interconnect discussed above, which potentially implements one or more aspects of the described disclosure. In one embodiment, cores 1106, 1107 may implement hybrid cores as described in embodiments herein.

Interconnect 1110 provides communication channels to the other components, such as a Subscriber Identity Module (SIM) 1130 to interface with a SIM card, a boot ROM 1135 to hold boot code for execution by cores 1106 and 1107 to initialize and boot SoC 1100, a SDRAM controller 1140 to interface with external memory (e.g. DRAM 1160), a flash controller 1145 to interface with non-volatile memory (e.g. Flash 1165), a peripheral control 1150 (e.g. Serial Peripheral Interface) to interface with peripherals, video codecs 1120 and Video interface 1125 to display and receive input (e.g. touch enabled input), GPU 1115 to perform graphics related computations, etc. Any of these interfaces may incorporate aspects of the disclosure described herein. In addition, the system 1100 illustrates peripherals for communication, such as a Bluetooth module 1170, 3G modem 1175, GPS 1180, and Wi-Fi 1185.

FIG. 12 illustrates a diagrammatic representation of a machine in the example form of a computer system 1200 within which a set of instructions, for causing the machine to perform any one or more of the methodologies discussed herein, may be executed. In alternative embodiments, the machine may be connected (e.g., networked) to other machines in a LAN, an intranet, an extranet, or the Internet. The machine may operate in the capacity of a server or a client device in a client-server network environment, or as a peer machine in a peer-to-peer (or distributed) network environment. The machine may be a personal computer (PC), a tablet PC, a set-top box (STB), a Personal Digital Assistant (PDA), a cellular telephone, a web appliance, a server, a network router, switch or bridge, or any machine capable of executing a set of instructions (sequential or otherwise) that specify actions to be taken by that machine. Further, while only a single machine is illustrated, the term “machine” shall also be taken to include any collection of machines that individually or jointly execute a set (or multiple sets) of instructions to perform any one or more of the methodologies discussed herein.

The computer system 1200 includes a processing device 1202, a main memory 1204 (e.g., read-only memory (ROM), flash memory, dynamic random access memory (DRAM) (such as synchronous DRAM (SDRAM) or DRAM (RDRAM), etc.), a static memory 1206 (e.g., flash memory, static random access memory (SRAM), etc.), and a data storage device 1218, which communicate with each other via a bus 1230.

Processing device 1202 represents one or more general-purpose processing devices such as a microprocessor, central processing unit, or the like. More particularly, the processing device may be complex instruction set computing (CISC) microprocessor, reduced instruction set computer (RISC) microprocessor, very long instruction word (VLIW) microprocessor, or processor implementing other instruction sets, or processors implementing a combination of instruction sets. Processing device 1202 may also be one or more special-purpose processing devices such as an application specific integrated circuit (ASIC), a field programmable gate array (FPGA), a digital signal processor (DSP), network processor, or the like. In one embodiment, processing device 1202 may include one or processing cores. The processing device 1202 is configured to execute the processing logic 1226 for performing the operations and steps discussed herein. In one embodiment, processing device 1202 is the same as processor architecture 100 described with respect to FIG. 1 as described herein with embodiments of the disclosure.

The computer system 1200 may further include a network interface device 1208 communicably coupled to a network 1220. The computer system 1200 also may include a video display unit 1210 (e.g., a liquid crystal display (LCD) or a cathode ray tube (CRT)), an alphanumeric input device 1212 (e.g., a keyboard), a cursor control device 1214 (e.g., a mouse), and a signal generation device 1216 (e.g., a speaker). Furthermore, computer system 1200 may include a graphics processing unit 1222, a video processing unit 1228, and an audio processing unit 1232.

The data storage device 1218 may include a machine-accessible storage medium 1224 on which is stored software 1226 implementing any one or more of the methodologies of functions described herein, such as implementing store address prediction for memory disambiguation as described above. The software 1226 may also reside, completely or at least partially, within the main memory 1204 as instructions 1226 and/or within the processing device 1202 as processing logic 1226 during execution thereof by the computer system 1200; the main memory 1204 and the processing device 1202 also constituting machine-accessible storage media.

The machine-readable storage medium 1224 may also be used to store instructions 1226 implementing store address prediction for hybrid cores such as described according to embodiments of the disclosure. While the machine-accessible storage medium 1128 is shown in an example embodiment to be a single medium, the term “machine-accessible storage medium” should be taken to include a single medium or multiple media (e.g., a centralized or distributed database, and/or associated caches and servers) that store the one or more sets of instructions. The term “machine-accessible storage medium” shall also be taken to include any medium that is capable of storing, encoding or carrying a set of instruction for execution by the machine and that cause the machine to perform any one or more of the methodologies of the present disclosure. The term “machine-accessible storage medium” shall accordingly be taken to include, but not be limited to, solid-state memories, and optical and magnetic media.

The following examples pertain to further embodiments.

Example 1 is a processing system comprising a processing core to execute an instruction in a task and a memory management unit, comprising a protection key register comprising a plurality of fields, each field comprising a set of bits reflecting a memory access permission for each of a plurality of memory domains; and a plurality of protection key mask registers, each protection key mask register comprising a mask having a plurality of bits, each bit reflecting an access permission to a corresponding field of the protection key register by a code page residing in a memory domain of the plurality of memory domains identified by an index of the protection key mask register; wherein the memory management unit is, responsive to receiving a request to modify the protection key register by the code page residing in the memory domain, to select a protection key mask register among the plurality of protection key mask registers and to apply a mask comprised by selected protection key mask register indexed by an identifier of the memory domain.

In Example 2, the subject matter of Example 1 can optionally include wherein the protection key mask register is selected based on a value of the identifier.

In Example 3, the subject matter of any one of Examples 1-2 can optionally include wherein a value is assigned to each of the plurality of bits in the mask.

In Example 4, the subject matter of any one of Examples 1-3 can optionally include wherein the value is assigned based on a policy set by one of an operating system or an application.

In Example 5, the subject matter of any one of Examples 1-4 can optionally include wherein the memory management unit to modify the corresponding bit in the protection key register in view of the value.

In Example 6, the subject matter of any one of Examples 1-5 can optionally include wherein the memory access permissions comprises one of a read permission to read content in the memory domain, a write permission to write content into the memory domain or an execute permission to execute content in the memory domain.

In Example 7, the subject matter of any one of Examples 1-6 can optionally include wherein the protection key register is modifiable by a process having a user privilege level.

In Example 8, the subject matter of any one of Examples 1-7 can optionally include wherein the protection key mask register is modifiable by a process having a privilege level higher than a user privilege level.

Example 9 is a system-on-a chip (SoC) comprising a memory and a processor, communicatively coupled to the memory, comprising a processing core to execute a task; and a memory management unit, coupled to the processing core, comprising a protection key register comprising a plurality of fields, each field comprising a set of bits reflecting a memory access permission for each of a plurality of memory domains; and a plurality of protection key mask registers, each protection key mask register comprising a mask having a plurality of bits, each bit reflecting an access permission to a corresponding field of the protection key register by a code page residing in a memory domain among the plurality of memory domains identified by an index of the protection key mask register, wherein the memory management unit is, responsive to receiving a request to modify the protection key register by the code page residing in the memory domain, to select a protection key mask register among the plurality of protection key mask registers and to apply a mask comprised by selected protection key mask register indexed by an identifier of the memory domain.

In Example 10, the subject matter of Example 9 can optionally include wherein the protection key mask register is selected based on a value of the identifier.

In Example 11, the subject matter of any one of Examples 9-10 can optionally include wherein a value is assigned to each of the plurality of bits in the mask.

In Example 12, the subject matter of any one of Examples 9-11 can optionally include wherein the value is assigned based on a policy set by one of an operating system or an application.

In Example 13, the subject matter of any one of Examples 9-12 can optionally include wherein the memory management unit to modify the corresponding bit in the protection key register in view of the value.

In Example 14, the subject matter of any one of Examples 9-13 can optionally include wherein the memory access permissions comprises one of a read permission to read content in the memory domain, a write permission to write content into the memory domain or an execute permission to execute content in the memory domain.

Example 15 is a method comprising receiving a request to modify a protection key register by a code page residing in a memory domain wherein the protection key register comprising a plurality of fields, each field comprising a set of bits reflecting a memory access permission for each of a plurality of memory domains, wherein a plurality of protection key mask registers, each protection key mask register comprising a plurality of bits, each bit reflecting an access permission to a corresponding field of the protection key register by a code page residing in the memory domain among the plurality of memory domains identified by an index of the protection key mask register; selecting a protection key mask register among the plurality of protection key mask registers; and applying a mask comprised by the selected protection key mask register indexed by an identifier of the memory domain.

In Example 16, the subject matter of Example 15 can optionally include wherein the protection key mask register is selected based on a value of the identifier.

In Example 17, the subject matter of any one of Examples 15-16 can optionally include modifying the corresponding bit in the protection key register in in view of a value assigned to each of the plurality of bits in the mask, wherein the value is assigned based on a policy set by one of an operating system or an application.

Example 18 is a non-transitory machine-readable storage medium including data that, when accessed by a processing device, cause the processing device to perform operations comprising receiving a request to modify a protection key register by a code page residing in a memory domain wherein the protection key register comprising a plurality of fields, each field comprising a set of bits reflecting a memory access permission for each of a plurality of memory domains, wherein a plurality of protection key mask registers, each protection key mask register comprising a plurality of bits, each bit reflecting an access permission to a corresponding field of the protection key register by a code page residing in the memory domain among the plurality of memory domains identified by an index of the protection key mask register; selecting a protection key mask register among the plurality of protection key mask registers; and applying a mask comprised by the selected protection key mask register indexed by an identifier of the memory domain.

In Example 19, the subject matter of Example 18 can optionally include wherein the protection key mask register is selected based on a value of the identifier.

In Example 20, the subject matter of any one of Examples 18-19 can optionally include wherein the operations further comprising modifying the corresponding bit in the protection key register in view of a value assigned to each of the plurality of bits in the mask, wherein the value is assigned based on a policy set by one of an operating system or an application.

While the disclosure has been described with respect to a limited number of embodiments, those skilled in the art will appreciate numerous modifications and variations there from. It is intended that the appended claims cover all such modifications and variations as fall within the true spirit and scope of this disclosure.

A design may go through various stages, from creation to simulation to fabrication. Data representing a design may represent the design in a number of manners. First, as is useful in simulations, the hardware may be represented using a hardware description language or another functional description language. Additionally, a circuit level model with logic and/or transistor gates may be produced at some stages of the design process. Furthermore, most designs, at some stage, reach a level of data representing the physical placement of various devices in the hardware model. In the case where conventional semiconductor fabrication techniques are used, the data representing the hardware model may be the data specifying the presence or absence of various features on different mask layers for masks used to produce the integrated circuit. In any representation of the design, the data may be stored in any form of a machine readable medium. A memory or a magnetic or optical storage such as a disc may be the machine readable medium to store information transmitted via optical or electrical wave modulated or otherwise generated to transmit such information. When an electrical carrier wave indicating or carrying the code or design is transmitted, to the extent that copying, buffering, or re-transmission of the electrical signal is performed, a new copy is made. Thus, a communication provider or a network provider may store on a tangible, machine-readable medium, at least temporarily, an article, such as information encoded into a carrier wave, embodying techniques of embodiments of the present disclosure.

A module as used herein refers to any combination of hardware, software, and/or firmware. As an example, a module includes hardware, such as a micro-controller, associated with a non-transitory medium to store code adapted to be executed by the micro-controller. Therefore, reference to a module, in one embodiment, refers to the hardware, which is specifically configured to recognize and/or execute the code to be held on a non-transitory medium. Furthermore, in another embodiment, use of a module refers to the non-transitory medium including the code, which is specifically adapted to be executed by the microcontroller to perform predetermined operations. And as can be inferred, in yet another embodiment, the term module (in this example) may refer to the combination of the microcontroller and the non-transitory medium. Often module boundaries that are illustrated as separate commonly vary and potentially overlap. For example, a first and a second module may share hardware, software, firmware, or a combination thereof, while potentially retaining some independent hardware, software, or firmware. In one embodiment, use of the term logic includes hardware, such as transistors, registers, or other hardware, such as programmable logic devices.

Use of the phrase ‘configured to,’ in one embodiment, refers to arranging, putting together, manufacturing, offering to sell, importing and/or designing an apparatus, hardware, logic, or element to perform a designated or determined task. In this example, an apparatus or element thereof that is not operating is still ‘configured to’ perform a designated task if it is designed, coupled, and/or interconnected to perform said designated task. As a purely illustrative example, a logic gate may provide a 0 or a 1 during operation. But a logic gate ‘configured to’ provide an enable signal to a clock does not include every potential logic gate that may provide a 1 or 0. Instead, the logic gate is one coupled in some manner that during operation the 1 or 0 output is to enable the clock. Note once again that use of the term ‘configured to’ does not require operation, but instead focus on the latent state of an apparatus, hardware, and/or element, where in the latent state the apparatus, hardware, and/or element is designed to perform a particular task when the apparatus, hardware, and/or element is operating.

Furthermore, use of the phrases ‘to,’ ‘capable of/to,’ and or ‘operable to,’ in one embodiment, refers to some apparatus, logic, hardware, and/or element designed in such a way to enable use of the apparatus, logic, hardware, and/or element in a specified manner. Note as above that use of to, capable to, or operable to, in one embodiment, refers to the latent state of an apparatus, logic, hardware, and/or element, where the apparatus, logic, hardware, and/or element is not operating but is designed in such a manner to enable use of an apparatus in a specified manner.

A value, as used herein, includes any known representation of a number, a state, a logical state, or a binary logical state. Often, the use of logic levels, logic values, or logical values is also referred to as 1's and 0's, which simply represents binary logic states. For example, a 1 refers to a high logic level and 0 refers to a low logic level. In one embodiment, a storage cell, such as a transistor or flash cell, may be capable of holding a single logical value or multiple logical values. However, other representations of values in computer systems have been used. For example, the decimal number ten may also be represented as a binary value of 910 and a hexadecimal letter A. Therefore, a value includes any representation of information capable of being held in a computer system.

Moreover, states may be represented by values or portions of values. As an example, a first value, such as a logical one, may represent a default or initial state, while a second value, such as a logical zero, may represent a non-default state. In addition, the terms reset and set, in one embodiment, refer to a default and an updated value or state, respectively. For example, a default value potentially includes a high logical value, i.e. reset, while an updated value potentially includes a low logical value, i.e. set. Note that any combination of values may be utilized to represent any number of states.

The embodiments of methods, hardware, software, firmware or code set forth above may be implemented via instructions or code stored on a machine-accessible, machine readable, computer accessible, or computer readable medium which are executable by a processing element. A non-transitory machine-accessible/readable medium includes any mechanism that provides (i.e., stores and/or transmits) information in a form readable by a machine, such as a computer or electronic system. For example, a non-transitory machine-accessible medium includes random-access memory (RAM), such as static RAM (SRAM) or dynamic RAM (DRAM); ROM; magnetic or optical storage medium; flash memory devices; electrical storage devices; optical storage devices; acoustical storage devices; other form of storage devices for holding information received from transitory (propagated) signals (e.g., carrier waves, infrared signals, digital signals); etc., which are to be distinguished from the non-transitory mediums that may receive information there from.

Instructions used to program logic to perform embodiments of the disclosure may be stored within a memory in the system, such as DRAM, cache, flash memory, or other storage. Furthermore, the instructions can be distributed via a network or by way of other computer readable media. Thus a machine-readable medium may include any mechanism for storing or transmitting information in a form readable by a machine (e.g., a computer), but is not limited to, floppy diskettes, optical disks, Compact Disc, Read-Only Memory (CD-ROMs), and magneto-optical disks, Read-Only Memory (ROMs), Random Access Memory (RAM), Erasable Programmable Read-Only Memory (EPROM), Electrically Erasable Programmable Read-Only Memory (EEPROM), magnetic or optical cards, flash memory, or a tangible, machine-readable storage used in the transmission of information over the Internet via electrical, optical, acoustical or other forms of propagated signals (e.g., carrier waves, infrared signals, digital signals, etc.). Accordingly, the computer-readable medium includes any type of tangible machine-readable medium suitable for storing or transmitting electronic instructions or information in a form readable by a machine (e.g., a computer).

Reference throughout this specification to “one embodiment” or “an embodiment” means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment of the present disclosure. Thus, the appearances of the phrases “in one embodiment” or “in an embodiment” in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, the particular features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.

In the foregoing specification, a detailed description has been given with reference to specific exemplary embodiments. It will, however, be evident that various modifications and changes may be made thereto without departing from the broader spirit and scope of the disclosure as set forth in the appended claims. The specification and drawings are, accordingly, to be regarded in an illustrative sense rather than a restrictive sense. Furthermore, the foregoing use of embodiment and other exemplarily language does not necessarily refer to the same embodiment or the same example, but may refer to different and distinct embodiments, as well as potentially the same embodiment. 

What is claimed is:
 1. A processing system comprising: a processing core to execute an instruction in a task; and a memory management unit, comprising: a protection key register comprising a plurality of fields, each field comprising a set of bits reflecting a memory access permission for each of a plurality of memory domains; and a plurality of protection key mask registers, each protection key mask register comprising a mask having a plurality of bits, each bit reflecting an access permission to a corresponding field of the protection key register by a code page residing in a memory domain of the plurality of memory domains identified by an index of the protection key mask register; wherein the memory management unit is, responsive to receiving a request to modify the protection key register by the code page residing in the memory domain, to select a protection key mask register among the plurality of protection key mask registers and to apply a mask comprised by selected protection key mask register indexed by an identifier of the memory domain.
 2. The processing system of claim 1, wherein the protection key mask register is selected based on a value of the identifier.
 3. The processing system of claim 1 wherein a value is assigned to each of the plurality of bits in the mask.
 4. The processing system of claim 3 wherein the value is assigned based on a policy set by one of an operating system or an application.
 5. The processing system of claim 3 wherein the memory management unit to modify the corresponding bit in the protection key register in view of the value.
 6. The processing system of claim 1 wherein the memory access permissions comprises one of a read permission to read content in the memory domain, a write permission to write content into the memory domain or an execute permission to execute content in the memory domain.
 7. The processing system of claim 1, wherein the protection key register is modifiable by a process having a user privilege level.
 8. The processing system of claim 1 wherein the protection key mask register is modifiable by a process having a privilege level higher than a user privilege level.
 9. A system-on-a chip (SoC) comprising: a memory; and a processor, communicatively coupled to the memory, comprising: a processing core to execute a task; and a memory management unit, coupled to the processing core, comprising: a protection key register comprising a plurality of fields, each field comprising a set of bits reflecting a memory access permission for each of a plurality of memory domains; and a plurality of protection key mask registers, each protection key mask register comprising a mask having a plurality of bits, each bit reflecting an access permission to a corresponding field of the protection key register by a code page residing in a memory domain among the plurality of memory domains identified by an index of the protection key mask register, wherein the memory management unit is, responsive to receiving a request to modify the protection key register by the code page residing in the memory domain, to select a protection key mask register among the plurality of protection key mask registers and to apply a mask comprised by selected protection key mask register indexed by an identifier of the memory domain.
 10. The SoC of claim 9, wherein the protection key mask register is selected based on a value of the identifier.
 11. The SoC of claim 10 wherein a value is assigned to each of the plurality of bits in the mask.
 12. The SoC of claim 11 wherein the value is assigned based on a policy set by one of an operating system or an application.
 13. The SoC of claim 11 wherein the memory management unit to modify the corresponding bit in the protection key register in view of the value.
 14. The SoC of claim 9 wherein the memory access permissions comprises one of a read permission to read content in the memory domain, a write permission to write content into the memory domain or an execute permission to execute content in the memory domain.
 15. A method comprising: receiving a request to modify a protection key register by a code page residing in a memory domain wherein the protection key register comprising a plurality of fields, each field comprising a set of bits reflecting a memory access permission for each of a plurality of memory domains, wherein a plurality of protection key mask registers, each protection key mask register comprising a plurality of bits, each bit reflecting an access permission to a corresponding field of the protection key register by a code page residing in the memory domain among the plurality of memory domains identified by an index of the protection key mask register; selecting a protection key mask register among the plurality of protection key mask registers; and applying a mask comprised by the selected protection key mask register indexed by an identifier of the memory domain.
 16. The method of claim 15 wherein the protection key mask register is selected based on a value of the identifier.
 17. The method of claim 16, further comprising modifying the corresponding bit in the protection key register in in view of a value assigned to each of the plurality of bits in the mask, wherein the value is assigned based on a policy set by one of an operating system or an application.
 18. A non-transitory machine-readable storage medium including instructions that, when accessed by a processing device, cause the processing device to perform operations comprising: receiving a request to modify a protection key register by a code page residing in a memory domain wherein the protection key register comprising a plurality of fields, each field comprising a set of bits reflecting a memory access permission for each of a plurality of memory domains, wherein a plurality of protection key mask registers, each protection key mask register comprising a plurality of bits, each bit reflecting an access permission to a corresponding field of the protection key register by a code page residing in the memory domain among the plurality of memory domains identified by an index of the protection key mask register; selecting a protection key mask register among the plurality of protection key mask registers; and applying a mask comprised by the selected protection key mask register indexed by an identifier of the memory domain.
 19. The non-transitory machine-readable storage medium of claim 18, wherein the protection key mask register is selected based on a value of the identifier.
 20. The non-transitory machine-readable storage medium of claim 19, wherein the operations further comprising modifying the corresponding bit in the protection key register in view of a value assigned to each of the plurality of bits in the mask, wherein the value is assigned based on a policy set by one of an operating system or an application. 